White-collar crime: The most dangerous perpetrators come from within companies
How criminals use security vulnerabilities and artificial intelligence to defraud companies and embezzle funds.
Every second case of fraud and embezzlement in German companies is attributable to the criminal behaviour of a company's own employees. This is based on figures from the German Insurance Association (GDV), which analysed around 4,400 fidelity insurance claims. According to the study, criminal employees cause even more damage than external perpetrators: "On average, criminal employees cost their employers around EUR 125,000 before they are discovered", says GDV Deputy Chief Executive Officer Anja Käfer-Rohrbach. External criminals cost on average EUR 80,000. "A company’s own employees enjoy a leap of faith and know exactly where the security gaps in the company are. That's why they usually remain undetected for longer and can take larger sums of money", says Käfer-Rohrbach.
White-collar criminals rely on artificial intelligence
In the other half of damage cases, companies are victims of external perpetrators, who are becoming increasingly sophisticated. "External perpetrators make very clever use of the possibilities of artificial intelligence to fake false identities", says Rüdiger Kirsch, Chairman of the GDV's Fidelity Insurance Working Group. According to insurers, fake audio and even video recordings are being used more and more in a so-called "fake president scam", where criminals pose as company executives. "Some go so far as to appear in video conferences as a board member or managing director", says Kirsch. It happens time and again that employees fail to recognise the fraud and transfer large sums of money to other people's accounts at the instruction of the alleged manager.
Protection through a good working atmosphere and effective control systems
In the experience of insurers, a good working atmosphere and open and transparent communication within a company reduces the risk of falling victim to criminals. At the same time, however, effective and efficient control systems need to be established and sensitive areas need to be doubly secured. This includes in particular:
- strictly observing the dual authorisation principle when making payments;
- adopting a binding code of conduct;
- providing regular training for employees;
- setting up a whistleblower system; and
- appointing a compliance officer.
If particularly vulnerable positions need to be filled, companies should also request a certificate of good conduct from the police. "Prevention cannot prevent every case. But it makes criminal activities more difficult and leads to faster detection", says Kirsch. If an employee is caught committing an offense, the conduct should also be punished consistently.
Examples
-
"Quadruplicate accounting"
Entity concerned: German corporate group
Perpetrator: CFO of the US subsidiary
Modus operandi: The perpetrator paid herself excessive salaries and bought things for herself at the company's expense. She covered up the payments by keeping a total of four false accounts, which she presented to internal contacts in the company as necessary. She explained inconsistencies to the CFO as alleged peculiarities of the US tax system.
Duration until discovery: 3 years
Loss incurred by the entity: Around EUR 1 billion
Circumstances within the entity facilitating the crime: No division of responsibilities within the subsidiary
Discovered by: Special audit by an independent auditing company after the figures were still not plausible in the third year
Options for prevention: Immediate clarification of notable inconsistencies
Motive for the crime / use of the loot: Perpetrator used the money to finance her expensive lifestyle
-
"Self-service"
Entity concerned: Hospital
Perpetrator: Kitchen foreman and head chef
Modus operandi: The perpetrators initially stole goods from the hospital's warehouses on a sporadic basis, but became more and more proficient over time. Food, crockery, textiles and bandages were stolen on a large scale, sometimes by the truckload. The stolen goods were then sold through the perpetrators’ own business and abroad.
Duration until discovery: 15 years
Loss incurred by the entity: Around EUR 3 billion
Circumstances within the entity facilitating the crime: The chef was able to dismiss several employees who had pointed out anomalies and thefts.
Discovered by: After suspicions reached the administrative director, the perpetrators were caught in the act.
Options for prevention: Whistleblower system, regular inventory
Motive for the crime / use of the loot: Perpetrators wanted to acquire real estate in other European countries using the proceeds.
-
"Video conference with CEO"
Entity concerned: Corporate group for engineering services
Modus operandi: An employee receives an e-mail that mentions "secret transactions". He might initially think it is a phishing e-mail. But after he speaks in a video conference with the group’s (fake) CFO and other (imposter) colleagues, his doubts disappear, convincing him to transfer funds to the accounts specified in the email.
Loss incurred by the entity: Around USD 25 billion
-
"The customer is king"
Entity concerned: Bank
Modus operandi: A bank manager is apparently called by a CEO he knows and asked to transfer USD 35 million to finance an alleged takeover. The deceptively realistic voice of the CEO announces that more detailed information will follow by email, which arrives just minutes later from the CEO's email address. The bank manager then makes the transfers.
Loss incurred by the entity: Around USD 35 billion
Background: Fidelity insurance
Fidelity insurance compensates companies if internal or external persons of trust embezzle funds or defraud a company. The current special study by GDV is based on around 4,400 claims from the years 2022/23, which resulted in insured losses of around EUR 450 million.
